BulletProof Security Comments, Questions, Problems & Wishlist

Author: AITpro Admin
Published: April 27, 2010
Updated: November 9, 2012

Categories: BulletProof Security Plugin Support

947 Comments to “BulletProof Security Comments, Questions, Problems & Wishlist”


  1. I hope this appears in blockquotes, but if it doesn’t, my problem is that a plugin that has a URL call containing two sets of [] brackets needs to be cleared to work. At the moment it only works if I delete both the htaccess files from the root and wp-admin directories and replace them after I finish. This needs to run on a schedule, so doing this manually is not an option. I can see above where you clear other URLs to work, but I am not sure if this is appropriate for a URL containing [] square brackets.

    The action is referencing a php file in the WP-admin folder

    You do not have permission for this request /wp-admin/tools.php?page=pressback_principal&function=backup_start&fargs[]=dashboard&fargs[]=7,5,3,1

    • P.S. If I can solve this, do I have to redo the same thing when I purchase the PRO version as well?

    • AITpro Admin says:

      The square bracket characters are explicitly blocked in the root .htaccess file, so you would need to modify the 2 security filters below in your root .htaccess file.
      I’m not exactly sure how tools.php is being called from wp-admin, but you may need to also create a skip/bypass rule in your wp-admin .htaccess file.

      Root .htaccess file modification:

      Before modification
      RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
      RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]
      
      After modification
      RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
      RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
      

      Possible additional wp-admin skip/bypass rule – see this link for an example >>> http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#Full-Screen-Background-Images-Pro

      • I should have included the name of the plugin in the first instance. My sincere apologies. It is called PressBackup by Infinite Media http://pressbackup.com/

        Can you please recheck your answer. The first line of *After modification already exists:

        RewriteCond %{QUERY_STRING} ^.*(\(|\)||%3c|%3e).* [NC,OR]
        • AITpro Admin says:

          A plugin test has been scheduled for the PressBackup plugin. The test will be performed on the PressBackup plugin in the WordPress Plugin repository.
          Recheck: Yes, my answer was correct regarding the root .htaccess coding modification. Thank you.

        • AITpro Admin says:

          Testing could not be completed.
          Plugin failed to be activated on a XAMPP testing site. The generic error message does not indicate what needs to be done to fix the problem.
          Plugin could not be activated because it triggered a fatal error.
          PressBackup: Please change the value of prefix, on config/config.php
          Warning: Please change the value of prefix, on config/config.php in C:\xampp\xxxxx\xxxxx\wp-content\plugins\pressbackup\.core\w2pf_init.php on line 54

          I attempted to fix this issue to continue testing. The plugin is not well documented and I was unable to find a solution to this activation error to continue testing of this plugin.
          This plugin does not qualify for Live Site Testing. Live site testing can only be done if the plugin meets strict AITpro Live Site testing guidelines.

  2. Christina says:

    Hello,

    My WordPress installation type is: GWIOD (Giving WordPress Its Own Directory)
    My Server is using CGI or DSO (you will find this under System Info): Unable to confirm
    My WordPress installation / site is installed in a subfolder of the main domain.
    The Automagic buttons aren’t working for me, and I get the following errors:

    “The file wp-content/plugins/bulletproof-security/admin/htaccess/default.htaccess is not writable or does not exist.”

    “wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess is not writable or does not exist.”

    However, the files DO exist and their file permissions are set to 644.

    I also see the following error message: “BPS Alert! An htaccess file was NOT found in your wp-admin folder. Check the BPS Security Status page for more specific information.”

    • AITpro Admin says:

      It sounds like your Server is configured with DSO.
      Please go to the BPS System Info page and copy and paste your Server API below in your reply.

      Server API:

  3. Kristen says:

    Hello,

    I have a customized wordpress page on my website. I signed into my wordpress account today and saw the following alert. Can you please let me know what I need to do to get this resolved? Thanks so much!

    BPS Alert! Your site does not appear to be protected by BulletProof Security
    If you are upgrading BPS – BPS will now automatically update your htaccess files and add any new security filters automatically.
    Refresh your Browser to clear this Alert
    Any custom htaccess code or modifications that you have made will not be altered/changed. Activating BulletProof Modes again after upgrading BPS is no longer necessary.
    In order for BPS to automatically update htaccess files you will need to stay current with BPS plugin updates and install the latest BPS plugin updates when they are available.
    If refreshing your Browser does not clear this alert then you will need to create new Master htaccess files with the AutoMagic buttons and Activate All BulletProof Modes.
    If your site is in Maintenance Mode your site is protected by BPS and this Alert will remain to remind you to put your site back in BulletProof Mode again.
    If your site is in Default Mode then it is not protected by BulletProof Security. Check the BPS Security Status page to view your BPS Security Status information

    The .htaccess file that is activated in your root folder is:
    ############## EZSiteMove.com Security Packag

    Either a BPS .htaccess file was NOT found in your root folder or you have not activated BulletProof Mode for your Root folder yet, Default Mode is activated, Maintenance Mode is activated or the version of the htaccess file that you are using is not .47.3 or the BPS QUERY STRING EXPLOITS code does not exist in your root .htaccess file. Please read the Read Me button above.

    • AITpro Admin says:

      Looks like you are using another security plugin called EZSiteMove Security Package. I have never heard of it before, so I have no idea if it is compatible with BPS or not. It looks like something that comes with the Hosting package. Make a copy of your root .htaccess file so that you have a copy of that plugin’s coding, and then if you want to get BPS working you will need to click the AutoMagic buttons and activate all BulletProof Modes.

  4. Michelle says:

    Hi,

    Ok, so this same blog has been hacked again. This time they spammed sending out tons of e-mails from my site. How they did that through the blog is beyond me.

    I have a couple of questions before deciding on the pro version:

    1. Someone is telling me it’s the hosting company allowing the hacking. Is that true? Are they just not secure enough?

    2. You say that the site has to be clean before installing BP, but here you say that BP will find the hack code although there’s no checkmark for the free or pro version.

    “BulletProof Security Pro ~ Pro Tools is a collection of versatile tools that allow you to do things like decode hackers base64 scripts, Encrypt and Decrypt text or code, search your entire site or sites for hackers code, text, code, functions, etc., search your entire DB for hackers code, text and code and other tools…so far.”

    Does this mean this is coming?

    You said that often the one file removed from the hack isn’t the only file, so how do you expect us to know 100% that our sites are clean before using BP?

    My hoster said they removed everything, but who knows with them.

    3. On your sales page & comparison page you don’t tell us what version of BP you are talking about.

    4. When is this version 5.17 coming?

    Thank you

    Michelle

    • AITpro Admin says:

      If they were able to send Spam emails from your site then they have cracked one of your WordPress administrator passwords.
      1. Some hosts are more secure than others. It just comes down to who configured the Server and Server security – a seasoned veteran Server Administrator or someone who is not professional.
      2. BPS Pro does have tools that will allow you to clean a hacked site up, but if you do not have experience in dehacking a website then it is just much quicker to restore it from a good backup. BPS Pro is primarily a website security protection plugin that protects against hackers. If the hackers are already inside of your site then BPS Pro cannot do very much since they are already past your website security protection. An analogy is that if bank robbers are already in the bank vault then the steel bank vault door is no longer of any use. Pro-Tools are included in BPS Pro, but I do not recommend trying to dehack your website using the Pro-Tools. It could take you hours to do this if you are not very experienced with doing this, and restoring a website from backup only takes about 10-15 minutes.
      3 & 4. BPS Pro 5.1.8.4 is the most current version and includes every feature that is listed on this page.

  5. Rex says:

    Hi, just wondering if I can get a bit of help, I’ll give you as much info as I can…
    After updating I was getting a couple of error messages about folders not existing (backup related ones), so I created those via FTP.

    Then I was having issues with the automagic buttons not working
    so I fixed the permissions of the files needed and got that working.

    Now I can’t activate BulletProof mode, it’s coming up with the following errors…

    Warning: chmod() [function.chmod]: No such file or directory in /home/diamobl/public_html/wordpress/wp-content/plugins/bulletproof-security/admin/options.php on line 109

    Warning: copy(/home/diamobl/public_html/wordpress//.htaccess) [function.copy]: failed to open stream: Permission denied in /home/diamobl/public_html/wordpress/wp-content/plugins/bulletproof-security/admin/options.php on line 110

    Here’s some details from the system info window –

    Server Type: Apache
    Operating System: Linux
    Server API: apache2handler – Your Host Server is using DSO or another SAPI type.
    Multisite: Multisite is Not enabled

    I tried copying the “secure.htaccess” file locally and renaming it so I could put it in the root myself,
    but windows won’t let me rename it as such.

    I also tried disabling all other plugins, but still got the above errors when trying to activate Bulletproof mode.
    I’m not using the cPanel Hotlinking protection.

    Any suggestions?
    Many thanks,
    Rex.

    • AITpro Admin says:

      Since your Server API is DSO you will need to do several steps manually or you can copy files manually with FTP. Please see the DSO setup steps on this help page – http://www.ait-pro.com/aitpro-blog/1166/bulletproof-security-plugin-support/bulletproof-security-plugin-guide-bps-version-45/

      When copying files from your website to your computer like secure.htaccess, Windows will not see the file name as a valid file name if you rename it to just .htaccess on your computer, so after you upload the file to your website that is when you would rename it. At some point we will add additional coding to BPS to allow the automation in BPS to work for DSO configured Servers.

      • Rex says:

        Ah right, sorry, not super technical so I didn’t realise the DSO thing was the issue, I’ve followed your guide though at the link for DSO users and it’s all set up with no warnings now.

        Many thanks for the speedy response!

  6. I tried the free version on one of my sites as above and all was fine until I updated; then I see red messages about there not being an .htaccess file in a folder. I added a copy of the .htaccess file to the said folder but still have the messages.

    Why was it ok before the update and not now?

    Peter

    • AITpro Admin says:

      The BPS autoupdate on upgrade is working correctly (10,000+ successful upgrade installations so far) so not sure what went wrong on your site. Check the BPS System Info page and post your Server API type in your reply. Then do the normal steps to create and add .htaccess files:
      click the AutoMagic buttons.
      Activate all BulletProof Modes

      • Gunnar says:

        Hi
        I have the same problem after the update.
        I’m getting the red message and I have set it up several times.
        It happens on more sites

        Website Root Folder: http://www.grabahealthylife.com

        Server Type: Apache
        Operating System: Linux
        Server API: cgi-fcgi – Your Host Server is using CGI.
        Multisite: Multisite is Not enabled

        Cheers Gunnar

        • AITpro Admin says:

          Do you see error messages or success messages when you click the AutoMagic buttons on the Security Modes page?
          Do you see error messages or success messages when you activate BulletProof Modes on the Security Modes page?

          • Gunnar says:

            I see success messages

          • Gunnar says:

            Oh, by the way, after the update it said it would automatically update
            my .htaccess files, but it didn’t. I set it up manually.
            Could it be that I should try to uninstall and install the new version?

          • Gunnar says:

            No, it didn’t work
            the warnings are still coming back

          • AITpro Admin says:

            Are you using a Custom Permalink structure? BPS requires that you use a custom permalink structure.
            Are you using a custom permalink structure hack such as using /%postname%.html? This hack will break several things besides BPS.
            When you say the warnings are coming back – are you saying that after using AutoMagic and activating BulletProof Modes the alerts went away and now the alerts are displaying again? If so, then you have another plugin installed on your site that must be changing your htaccess files automatically or maybe you are using the cPanel HotLink Protection tool in your cPanel? The cPanel Hotlink Protection tool breaks BPS and has been broken in general since 2002.

            Regarding BPS upgrade auto-updates:
            If you have a really old version of BPS installed then the auto-update upgrade will NOT automatically update your .htaccess files and you will need to click the AutoMagic buttons and then activate BulletProof Modes again. The auto-update only works if you stay current with BPS upgrades.

          • AITpro Admin says:

            Have you physically looked at your Root .htaccess file to make sure it is ok and not modified? ie code has been added to it by another plugin? Are you using any other security plugins? I believe 6scan still breaks BPS htaccess files.

          • Gunnar says:

            Re: permalink I’m using postname in common settings as always.

            I’m using secure wp, wso security and sucuri scanner.
            All other plugins have been there before the update.
            They have all lived fine together until the last update
            I’m updating from the version before.
            I’m not using cPanel HotLink Protection tool
            I have lately installed seo wordpress.
            I have not physically looked at my Root .htaccess file
            I don’t know what look after.

            Howdy, Gunnar

          • AITpro Admin says:

            Ok try deactivating all of your plugins except BPS and then use AutoMagic and Activate BulletProof Modes. Thanks.

          • Gunnar says:

            It seems to work. I will come back if it doesn’t.

          • AITpro Admin says:

            Ok if that worked then you have another plugin installed on your website that is breaking the BPS plugin. Thanks.

  7. m says:

    hi – i’m having an issue with searches generating error pages when they include special characters

    for example if someone searches for the phrase “women’s issues” they get an error page vs “womens issues” which works fine (apostrophe is omitted)

    ?s=women’s+issues
    vs
    ?s=womens+issues

    is there any way to get around this?

    • AITpro Admin says:

      The apostrophe character in regular writing is the single quote character in coding. The single quote character is one of the most dangerous coding characters since it is commonly used in hacking. Since you cannot convert the input string with an .htaccess file to create a safe HTML entity, that leaves you only one option – to allow the single quote character in a query string. This decreases your website security so I obviously do not recommend allowing this, but this is how you would allow the single quote character to be used in a query string on your website.

      Modify this security filter as shown below

      RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
      RewriteCond %{QUERY_STRING} (<|>|%0A|%0D|%3C|%3E|%00) [NC,OR]
      

      Modify this security filter as shown below

      RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
      RewriteCond %{HTTP_REFERER} (%0A|%0D|%3C|%3E|%00) [NC,OR]
      
      • m says:

        thanks for the fast reply!

        is there a way to convert dangerous characters like these into HTML entities before writing them to the search query string?

        i’d be happy converting them or even filtering them out of the query … but as it works now the user experience is very poor because the user is directed to a Red Hat Linux test page and not given any indication of what went wrong

        thank you

        • AITpro Admin says:

          Nope because .htaccess code does not have an equivalent way of doing the conversion like PHP coding does. .htaccess coding is processed first before anything else on your website and that is why .htaccess files are the best website security protection. A hacker is stopped dead before they can even get to your PHP coding/WordPress. 😉

          Here are some other available options.
          You could try to create skip/bypass rules based on search terms, but this would probably require creating a very long list of words to allow.

          Create a 403 Error page using the ErrorDocument 403 /403.php directive that is commented out in your root .htaccess file. On that page you would let folks know that using the single quote / apostrophe is not allowed and to try their search again without using the apostrophe.
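Added example (not part of the original thread or of BPS itself): a small Python harness that evaluates the RewriteCond lines quoted in the square-bracket reply under comment 1 and the single-quote reply under comment 7, before and after each modification, to show which query strings each change starts letting through. It assumes the conditions feed a deny rule that is not shown on the page, and it models only the pattern and the NC flag; every sample query string except the PressBackup one is constructed.

```python
import re

# RewriteCond lines copied from the replies in this thread.
BRACKET_BEFORE = [
    r"RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]",
    r"RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]",
]
BRACKET_AFTER = [
    r"RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]",
    r"RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]",
]
QUOTE_BEFORE = [r"RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]"]
QUOTE_AFTER = [r"RewriteCond %{QUERY_STRING} (<|>|%0A|%0D|%3C|%3E|%00) [NC,OR]"]

# Query string from the blocked request quoted in comment 1.
PRESSBACKUP_QS = ("page=pressback_principal&function=backup_start"
                  "&fargs[]=dashboard&fargs[]=7,5,3,1")
# Constructed samples: the percent-encoded bracket form, and a value with
# parentheses, which both versions of the filter still reject.
BRACKET_SAMPLES = [PRESSBACKUP_QS, "fargs%5B%5D=dashboard", "page=x&note=(test)"]
# Constructed samples based on the search example in comment 7.
QUOTE_SAMPLES = ["s=women's+issues", "s=women%27s+issues",
                 "s=womens+issues", "s=a%3Cb"]


def parse_cond(line):
    """Split 'RewriteCond %{VAR} pattern [flags]' into (VAR, compiled regex)."""
    directive, test_string, pattern, flags = line.split()
    if directive != "RewriteCond":
        raise ValueError("not a RewriteCond line: " + line)
    flag_set = set(flags.strip("[]").upper().split(","))
    # NC makes the match case-insensitive, so %5b also covers %5B.
    regex = re.compile(pattern, re.IGNORECASE if "NC" in flag_set else 0)
    return test_string.strip("%{}"), regex


def blocked(cond_lines, query_string):
    """True if any condition matches; the lines are OR-chained, so one hit is enough.

    QUERY_STRING is the raw, still percent-encoded string, which is why the
    filters list both the literal character and its %xx form.
    """
    for line in cond_lines:
        var, regex = parse_cond(line)
        if var == "QUERY_STRING" and regex.search(query_string):
            return True
    return False


def compare(before, after, samples):
    """Map each sample to (blocked_before, blocked_after)."""
    return {qs: (blocked(before, qs), blocked(after, qs)) for qs in samples}


def newly_allowed(before, after, samples):
    """Samples the original filter rejected and the modified filter lets through."""
    return [qs for qs, result in compare(before, after, samples).items()
            if result == (True, False)]


if __name__ == "__main__":
    for title, before, after, samples in (
        ("square brackets", BRACKET_BEFORE, BRACKET_AFTER, BRACKET_SAMPLES),
        ("single quote", QUOTE_BEFORE, QUOTE_AFTER, QUOTE_SAMPLES),
    ):
        print(title)
        for qs, (was, now) in compare(before, after, samples).items():
            print("  before=%-5s after=%-5s %s" % (was, now, qs))
```

Because these conditions test only %{QUERY_STRING}, each relaxation applies to every URL served under that .htaccess file, not only to tools.php or the search page.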

  8. Amr says:

    Hello,
    My site was working fine until I used the BulletProof Security plugin; it missed how the property photos are displayed, as you can check on my website.
    At first I could not see the photos at all until I restored the original file from an older backup I had, but I could not fix the photos problem completely.

    Please advise

    • AITpro Admin says:

      Take a look at the BPS System Info page and post these things below in your reply. It looks like your Server is nginx, but that may just be the frontend and not backend.
      Server Type:
      Operating System:
      Server API:

      The problem appears to be this:
      Your Theme is: the-bel-air-2-5 and it is doing a thumbnail caching method and link redirection method that simulates a hacker’s RFI hacking attempt. In order to allow your theme to do this you will need to modify this security filter below and add thumbnail\.php to the skip/bypass rule.

      RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
      
      modify the security filter to this below
      RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php|thumbnail\.php) [NC]
      
  9. Kim says:

    I love Bulletproof and use it on all my websites. Is there a plugin to back up my WordPress database that you know of that works well with BPS? (Without having to mod .php files). I’d rather backup manually than to give up BPS, but thought I’d ask. My installations are all on Linux servers. Thanks!

    • AITpro Admin says:

      BackWPup is a very nice backup plugin and nothing needs to be modified or allowed by BPS.

  10. I installed BPS in my WordPress website http://devilxscience.in . I turned on the maintenance option, but at that time my IP address changed, so I can’t log in to my dashboard, so I deleted BPS through FTP. After that my site worked, but after 3 or 4 days I can’t log in to my site. When I try to log in it appears blank. Then I tried to delete the .htaccess file in my Public_html, but I can’t delete it. If I delete it, the next second a new .htaccess file appears there. But now the problem is that the .htaccess file is hidden somewhere in Public_html. I can’t find it. My question is: is there any link between my login going blank and the .htaccess file in public_html? How do I delete the .htaccess file from my site? Is there any solution for this? Please help me.

    • AITpro Admin says:

      Do you have BPS Pro or BPS free? If you have BPS Pro installed then you would need to turn off ARQ when modifying files with FTP, otherwise they will be autorestored. If you have BPS free installed then if you delete the .htaccess file it will stay deleted and not be autorestored, so something else is doing this and not BPS.

      • devilxscience says:

        I am using BPS free and yet I can’t delete the .htaccess file

        • AITpro Admin says:

          BPS free does not prevent you from deleting .htaccess files and would not restore .htaccess files, so this problem is not being caused by BPS. Deactivate all of your plugins and try to get to your login page. Also I looked at your website and I see that you are not using a custom permalink structure. This could possibly be related to the problem as well. Other things to check would be – are you using the broken cPanel Hotlink Protection Tool?

          • devilxscience says:

            Nope, I disabled my hotlink protection. I can’t understand what’s happening. Please could you help me with a step-by-step process to recover my website? Please 🙁

          • AITpro Admin says:

            You cannot disable cPanel HotLink Protection because that is also broken. I don’t see how this could possibly be related to BPS because the problem you are describing would not and could not be caused by BPS so I don’t have any idea what could be wrong with your website. Try restoring the website from a backup. If that does not work you will need to contact your web host.

          • devilxscience says:

            I restored but the problem still continues … 🙁 🙁 Please help me, this problem is killing me 🙁

          • AITpro Admin says:

            We no longer offer website repair services and this problem is not related to BPS, so what I recommend is that you contact your web host.

  11. Marc says:

    Hi, I have been having major problems with hackers and am just about to buy BPS pro. But, how do I know if my sites are clean?
    I get continual emails from WordPress Firewall that hack attempts have been blocked, but I do not know if they have actually gotten in. Is there any way of finding this out?

    • AITpro Admin says:

      I believe that plugin tells you that a lot of warnings may be false alarms and that you can not be alerted about them again. You can run a Sucuri.net site scan, but keep in mind that malicious files are easy to detect, but some hacker files will never be detected by any scanners.

  12. Harv Lake says:

    Hi, I think I broke my website. I tried to modify my .htaccess file to allow larger uploads and now I only get 500 error.
    Any suggestions?

    • AITpro Admin says:

      FTP to your website or use your Web Host Control Panel file manager and delete the .htaccess file in your website Root folder that you added your custom .htaccess code to. You will then be able to log into your site and use AutoMagic to create new standard BPS .htaccess files. To check your Server API take a look at the BPS System Info tab.

      Sounds like you added invalid custom .htaccess code to the standard BPS Root .htaccess file/code. My guess (based on the limited specific info and details of the actual problem) is that you have a CGI Server API, but you are trying to add php_value and php_flag directives (DSO ONLY) to your .htaccess file, which can ONLY be added to your BPS Root .htaccess file if your Server API type is DSO or LiteSpeed (DSO).

      These php_value and php_flag .htaccess directives can ONLY be used if your Server API is DSO.
      php_value post_max_size 20M
      php_value upload_max_filesize 20M
      php_flag file_uploads On

      If your Server API type is CGI you will have to edit or create a custom php.ini file and add these directives in that custom php.ini file.
      post_max_size = 20M
      upload_max_filesize = 20M
      file_uploads = On

  13. Sarah says:

    I am getting a 500 server error after installing the plugin. I deleted the .htaccess file from the root folder and am still getting the error. I have now deleted the .htaccess from the wp-admin folder and nothing. I successfully installed this plugin on several other sites, but it has killed this one. I have no idea what to do and I desperately need your help.

  14. Jon says:

    WordPress: 3.4.1
    Server Type: Apache
    Operating System: Linux
    Server API: cgi – Your Host Server is using CGI.
    Multisite: Multisite is Not enabled
    PHP Version: 5.2.17
    I installed BP earlier today and followed the procedure for creating and backing up the .htaccess files.
    I just went to the “All Posts” page to create a new post and for some reason I can see all my posts for 2 seconds and then the entire page goes grey and I can no longer see any links or access anything. I can create a new post but once I save and return to the All Posts page I can’t access it.
    HELP!

  15. Jake says:

    Hi

    I’ve been using your plugin for the last couple of months now and it rocks. I would be happy to donate; however, I need to resolve one key issue, otherwise it might not be the right plugin for me. I simply need to be able to upload products into marketpress; however, I get the 403 “You don’t have permission to access /wp-admin/media-upload.php on this server.”

    The only way round this I have found is to temporarily turn off BPS security, upload, then turn the plugin back on. Not very practical as you can imagine. Looked through the back-end, can’t currently find a solution. Can you help?

    Other than that this plugin is awesome! Thank you 😀

  16. dave says:

    Hi
    My site got hacked. Nothing terrible, but I know it was a deliberate thing and might get tried again.
    I lost my favicon image and a couple of other images, that was all.
    The permissions for index.php (400) and wp-blog-header.php (400) had both been changed from 400 to 624 – I think – which allowed write to.
    WordPress is up to date and BulletProof fully operational. If not, I think it might have been a lot worse! So thank you. Any ideas how this might have happened, and if there is anything I could do to strengthen, would be most welcome.
    Thanks.
    Dave

    • AITpro Admin says:

      There are a few things BPS cannot protect against.
      1. Passwords being cracked: FTP, SSH, Control Panel and WordPress Login.
      2. Host Server itself has been hacked – not your individual website, but the Server that your website is on.
      3. Directory permissions that are set incorrectly – if you have set directory permissions to 777 by mistake then BPS cannot do anything to protect those directories because they are writable to everyone.
      4. And of course if your website was already hacked before installing BPS – hacked websites should be cleaned up or restored before installing BPS

      When your website is hacked you should:
      1. Change all of your passwords.
      2. Restore your website from a good backup.

      • dave says:

        Thank you. directory permissions are set to 705 – is that ok?

        • AITpro Admin says:

          Yes 705 directory permissions are much more secure than 755. If your website was hacked by cracking one of your passwords then setting directory permissions to 705 will not stop a hacker from logging into FTP or WordPress.

          • dave says:

            Thank you – fast response, really appreciate it!

          • Bryan says:

            When I set the root folder at the recommended 705, it caused a 403 error. The other folders were changed to 705 successfully, but the root folder wasn’t having it. I tried on different occasions. My host is HostNine.

            I changed the root folder to 750, which is more secure than 755, and most importantly I do not get the 403 when I try to access my site when the permissions of the root folder is at 705.

          • AITpro Admin says:

            You are correct that changing the Root folder permissions to 705 will cause a 403 error. This is not exclusive to your particular web host and will occur on most if not all web hosts. Thank you for reminding me about this. I need to update the help info in BPS to specifically state that the Root folder should NOT/NEVER be changed to 705 permissions and 750 may be allowed by a person’s web host. All web hosts have their own specific permissions policies, but in general most allow 705 folder permissions to be used for all folders with the exception of the Root folder. Thanks again for reminding about clarifying the help info in BPS.

  17. Lynda says:

    I heard that wordpress files can get corrupted or lost when installing bulletproof security, on a well established site. I have not been hacked but want to safe guard my site

    • AITpro Admin says:

      BPS does not have the capability to corrupt or lose WordPress files because it is not designed / coded with the capability to do something like that. BPS adds 2 .htaccess files to your website that adds the website security. If a problem occurs you only need to remove those 2 .htaccess files.

  18. Vjatsheslav says:

    Hello,

    I have purchased the plugin and so far it has worked on almost every website I installed it on; however, on one particular website the options panel won’t load. I was able to get to the options right after installation and I started doing all the necessary things to get it up and running, and then I turned something on and after that the admin options won’t load at all. All I can see is 3 notification messages at the top of the WordPress admin page.

    I’ve tried deleting and reinstalling a few times, but nothing works.

    Can you please help me out?

    Thanks.

    • AITpro Admin says:

      I have checked the API Server Logs and you are missing the dot (.) on the end of your Activation Key. Please type in the dot (.) and resave your Activation Key and you should then see the BPS Pro Options pages. Thank you.

  19. Anita Wos says:

    HI. I am unable to get to the wp-admin/ page on this site. The last thing I did to the site was install BPS free version.

    I have FTP access, and would like to know if I can disable the BPS and then try it without it.

    • AITpro Admin says:

      If the problem is being caused by the root .htaccess file that BPS created then FTP to your website and delete the .htaccess file in your Root website folder.

      • Anita Wos says:

        I have gotten rid of the .htaccess files – no luck. Is there a way to remove the BPS and reinstall WP without being able to access the dashboard?

        • AITpro Admin says:

          I misunderstood your original question. I see that when you try to login you get a 404 error message. Do you have the Better WP Security plugin installed? That plugin causes this problem. Have you added any custom coding to your /wp-admin .htaccess file? Have you added Directory Protection to your /wp-admin folder or your /wp-admin .htaccess file? Try deleting the .htaccess file in your /wp-admin folder. Also if you are using a login protection plugin then rename that plugin’s folder name using FTP.

        • AITpro Admin says:

          This does not actually appear to be a problem caused by BPS, unless you have added some custom code to your /wp-admin .htaccess file with the BPS .htaccess file editor. I misunderstood your original question. I see that when you try to login you get a 404 error message. Do you have the Better WP Security plugin installed? That plugin causes this problem. Have you added any custom coding to your /wp-admin .htaccess file? Have you added Directory Protection to your /wp-admin folder or your /wp-admin .htaccess file? Try deleting the .htaccess file in your /wp-admin folder. Also if you are using a login protection plugin then rename that plugin’s folder name using FTP.

        • AITpro Admin says:

          Also when i look at the source code for your website i see a blank space before any code output. This can either be because the Theme you are using has a PHP function coming before your DOCTYPE or when you have a blank space at the top of your wp-config.php file or the top of your Theme’s header.php file. Check both of those files for a blank white space at the top of either of those files and delete the blank white space.

  20. Glen Cathey says:

    Hello,
    I use BPS and I just upgraded to WP 3.4. Before doing so, I deactivated all of my plugins (including BPS), because I get a memory error if I try automatically upgrading WP without doing so. I’ve never had an issue before during any WP upgrade.

    However, after upgrading to WP 3.4, I now cannot view any page on my site, as I get all manner of header file messages, and I can’t see or do anything with my site.

    When I go to login into http://www.booleanblackbelt.com/wp-login.php, I get this (white screen with only this text):

    Warning: Cannot modify header information – headers already sent by (output started at /homepages/xx/xxxxx/htdocs/wp-config.php:35) in /homepages/xx/xxxxx/htdocs/wp-login.php on line 365

    After I actually log in, I don’t see anything but this:

    Warning: Cannot modify header information – headers already sent by (output started at /homepages/xx/xxxxx/htdocs/wp-config.php:35) in /homepages/xx/xxxxx/htdocs/wp-login.php on line 365

    I know that BPS locks down the header files, but I deactivated all plugins prior to automatically upgrading.

    Do you have any advice on how I can get my site back to normal? As I have stated, I can no longer view any part of WP – so I am not able to go into any plugin, including BPS, to make changes. All I can do is FTP in and try to modify files.

    Please help – I have no idea what I can do at this point to get my blog back up and running after I have been regularly posting for 3.5 years.

    Thanks.

    • AITpro Admin says:

      Do you have BPS Free or BPS Pro? If you have Pro then take a look at the first 2 problems and solutions on this page >>> http://www.ait-pro.com/aitpro-blog/2843/bulletproof-security-pro/bulletproof-security-pro-questions-and-comments/

      If you have BPS Free then it does not lock down the header files or do anything else with any of the WP Core Root files.

      In general when a WP upgrade installation fails you should do a manual installation of WP – do not do anything with your WP DB until you have completely replaced all your site files. Typically you do not need to restore the WP database or do anything with your WP DB when an upgrade installation fails. To do a manual installation of WordPress download the wordpress.zip file, unzip it to your computer and then upload all the wp files – entire /wp-admin folder, entire /wp-includes folder, entire /wp-content folder and all WP root files.

      And you can always do a file restore from a backup (not a DB restore just file restore) instead of doing a manual install of WP.

  21. Thanks Admin!

    Thinking through the sequence of events, prompted by it being a Permalink problem….

    When I went to harden the site there was a BPS message about custom Perma’s being needed. So I made the change to the site settings for Perma and then quite quickly re-ran the BPS hardening… So agree not a BPS problem directly but there’s a ‘heads up’ in there that rapid application of multiple changes is a bad thing…. More haste = way less speed…

    I’ll see what I can do to recover the structure and let you know the outcome – as with accidents in the home, 80% turn out to be human…

    Thanks for the advice and, yes, I’ve purchased Pro cos it makes sense!!!!

    Cheers

    Steve

  22. Paul Smith says:

    Hi

    I’m getting an HTTP 500 error when trying to access my website.

    The last things I did were to look at BPS in the control panel and it said that the htaccess files either were created or were not initiated (so I clicked all the buttons again – from setting up the htaccess files to activating all the modes). Then I noticed that it recommended that the htaccess file should have permission 404 and not the current 644. So I altered it to 404 and saved it. It then reverted back to 644 – so I changed it back again.

    But when I try to get back to the website or log in I get the HTTP error.

    Have I messed up and lost all the previous htaccess permissions for other plugins etc.? And how do I get things back on track?

    • AITpro Admin says:

      Cause of issue: A few web hosts do not allow you to use 404 file permissions for .htaccess files (this forced 644 file permission by a few Hosts was intended to protect the .htaccess files from being written to, but this actually backfires since 644 permissions are much less secure than 404). If you set .htaccess file permissions to 404 on these hosts you will see 403 errors and be unable to access your site. In order to get back into your site delete the .htaccess file in your website root folder – do not attempt to change the .htaccess file permissions again to 404 – your web host does not allow this.

      • Paul Smith says:

        Thanks for your advice. My host is Bluehost (assume they only allow 644 then).

        If I log into the Bluehost control panel and go to files and delete the .htaccess file. What do I need to do next?

        Do I go back to BPS and create a new htaccess file with the first lot of buttons and then activate all modes again?

        Do I need to disable or delete all my plugins before creating htaccess files again and activating all modes … then re-install? (I am thinking that these plugins might add scripts to the htaccess file, but I may be talking nonsense – just learning as I go.) My plugins were: Akismet, Jetpack, All in One SEO Pack, Google XML site map, Contact Form 7, Google Translator

        Many thanks

        • AITpro Admin says:

          The last time i checked BlueHost allows you to set .htaccess file permissions to 404. Is your website currently hacked? Double check with BlueHost about this. Maybe you are on a BlueHost Server that is doing this, but we have 1,000’s of BPS and BPS Pro folks on BlueHost that can set .htaccess file permissions to 404.
          You have Linux Hosting correct?
          Yes, after you have deleted the existing .htaccess files you would create new Master .htaccess files with AutoMagic and activate all BulletProof Modes.
          No, you do not need to do anything with any other plugins. Some plugins write .htaccess code to the root .htaccess file like W3TC. BPS will alert you that W3TC needs to be redeployed to write that .htaccess code to the root .htaccess file again.

          • Paul Smith says:

            Yes, Linux hosting. No, not hacked.

            Bluehost support have said:
            ‘I have reset your permissions. Folder permissions need to be 755 and file permissions need to be 644.

            If you change them, it can cause your website not to function properly.’

            However, back on the dashboard now and all the plugins are deactivated. I tried to activate BPS and it says:

            ‘Plugin could not be activated because it triggered a fatal error.’

            Warning: require_once(/home2/***/public_html/wp-content/plugins/bulletproof-security/includes/class.php): failed to open stream: No such file or directory in /home2/***/public_html/wp-content/plugins/bulletproof-security-bak/bulletproof-security.php on line 33 Fatal error: require_once(): Failed opening required ‘/home2/***/public_html/wp-content/plugins/bulletproof-security/includes/class.php’ (include_path=’.:/usr/php/53/usr/lib64:/usr/php/53/usr/share/pear’) in /home2/***/public_html/wp-content/plugins/bulletproof-security-bak/bulletproof-security.php on line 33 ‘

            (NB: I added the *** in place of file names)

            If I delete the htaccess files and restart again with AutoMagic – will that remove this error?

            Also what does ‘W3TC needs to be redeployed’ mean and how does one ‘redeploy’ if one needs to?

          • AITpro Admin says:

            If your Server’s API is DSO (BPS System Info page will tell you your Server API) then yes 644 file permissions are necessary for your website to function properly. Most Servers are configured with CGI and 644 permissions should not be mandatory. If the Host has made 644 permissions mandatory then they have done something to specifically tell the Server that only 644 file permissions are allowed – that is not normal, standard or common.

            The bulletproof-security folder is named /bulletproof-security-bak. You would need to rename it back to the valid plugin folder name – /bulletproof-security.
            W3TC is the W3 Total Cache plugin. I was just using it as an example of a plugin that writes .htaccess code.

  23. Help!

    Installed BPS Plugin on the site above, backed up the site, made secure using the wizards, then queried my logic, went to undo the HTAccess to basic again for testing and after hitting Activate, all has gone wrong…

    Site opens on main page OK but has errors on page when any other menu item opened. I can no longer get to WP-Admin…

    Errors look like….

    Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 1 in /home/xxxxx/public_html/ghpt/wp-includes/class-wp.php on line 201
    
    Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 1 in /home/xxxxx/public_html/ghpt/wp-includes/class-wp.php on line 202
    
    Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 1 in /home/xxxxx/public_html/ghpt/wp-includes/class-wp.php on line 201
    
    Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 1 in /home/xxxxx/public_html/ghpt/wp-includes/class-wp.php on line 202
    

    repeats up to 10 times (or so)….

    Please advise soonest how I might recover this…

    Cheers

    Steve

    • AITpro Admin says:

      Delete the 2 .htaccess files that were created by BPS. 1 in your website root folder and 1 in your wp-admin folder. Restore your original .htaccess files if you had existing .htaccess files and take a look at them to see if you have code that needs to be added to your new BPS .htaccess files.

      • Hi thanks for the response – can’t locate them but can see a couple of other things… BPS Backup folder containing backup_default.htaccess, backup_wpadmin-secure.htaccess plus a couple of others….

        Can I possibly restore from these?

        Cheers

        Steve

        • AITpro Admin says:

          The backed up file that you would want to use would be root.htaccess if it is a backed up file that was working before. Download it, upload it to your website root folder and rename it to .htaccess.

          • Under www/ghpt/wp-content/bps-backup I have a copy of root.htaccess from around the time of the problem…. Restore this by renaming as you’ve said?

          • AITpro Admin says:

            I guess so, but normally all you need to do is just delete the .htaccess file in your website root folder and do not need to do what you are trying to do. Do you have Linux Hosting? I tried to look up your site and the URL is a URL to an ISP and your email URL is for a non-WordPress website.

            Another option is to download the default.htaccess file from here /wp-content/plugins/bulletproof-security/admin/htaccess/default.htaccess and then make sure the RewriteBase and RewriteRule are correct for your website (if you have a root website then do not change anything, if you have a subfolder site in folder /example then edit the default.htaccess file and add this folder path to the RewriteBase /example/ and RewriteRule . /example/index.php [L]) and then upload it to your website root folder.

          • Yes to cPanel-based Linux….

            Have attempted the substitution that you recommended and also taken a look to understand the error message being received.

            The substitution has not gone well… No difference

            BackWPuP files available, have had ISP attempt site restore, no good…

            Suggestions further?

            Cheers

            Steve

          • AITpro Admin says:

            Ok well first off the original error messages you posted are not caused by BPS. BPS has nothing to do with those error messages so the only thing i can suggest is to restore your website files AND WordPress Database from a good backup of before you saw these error messages. Once again these errors are not related to BPS as BPS would not be able to cause those types of errors because BPS is not designed or coded for that to even be possible. What i am suspecting is that your WordPress Database is corrupted or damaged. Worst case scenario you will have to reinstall everything again. This problem was not caused by BPS.

          • AITpro Admin says:

            Actually I Googled the error and i found this post that indicates that this is a permalink structure problem >>> http://daydull.com/tips-tutorials/solved-fix-wordpress-error-warning-preg_match-function-preg-match-compilation-failed-nothing-to-repeat-at-offset-1-in-rootwp-includesclasses-php-on-line-210-211/
            So try what is suggested in that post to fix the problem.

          • AITpro Admin says:

            And BuddyPress and Wassup also cause these errors so google the error message and you will see several search results that show the problems and solutions.

          • Brilliant! Thanks for the pointers – had to go looking further but was able to repair the permalink problem via phpMyAdmin – wp-options table, permalink-structure – emptied the options I’d put in there and all came good once saved… worth remembering for the future for cPanel sites…

            Cheers

            Steve

          • Perhaps I spoke too soon – BPS seems insistent on the use of custom Permalinks to operate correctly; changing the Permalinks always takes me back to that error condition – is BPS going to be functional without the permalink changes?

          • AITpro Admin says:

            Ok at this point since you have purchased BPS Pro i will be glad to take care of this. Please create a temporary WordPress Admin account for me and send the login info to edward[at]ait-pro[dot]com. Thanks.

          • AITpro Admin says:

            And yep BPS requires a Custom Permalink Structure to work correctly. All WordPress websites should be using a Custom Permalink Structure. You can achieve the exact same thing as far as URL appearance with Custom Structure Tags as you can by using the default and pretty permalinks options settings. There are 2 primary reasons to use a Custom Permalink Structure. 1. Higher ranking pages 2. Better website performance. So it is a no-brainer that using a Custom Permalink Structure is the optimum choice. 😉

            The 2 best Custom Permalink Structures are these for Best Performance and Best SEO:

            /%year%/%postname%/
            /%post_id%/%postname%/

    • Paul Smith says:

      Many thanks for this – all the plugins had bak written at end of the file – changed them and it all seems to work. Very much appreciate your help and swift responses.

      Looked up info and the configuration for the server is: Server API: cgi-fcgi – Your Host Server is using CGI.

  24. amfm says:

    I am using free BPS 47.1 and WordPress 3.3.2 at the moment, (but my issue occurred earlier so perhaps different versions were in place then.) I recently noticed new .php files in the directory above my root directory. I assumed they’d been placed by my webhost but it turns out they were not. I have BPS and a few other security plugins in place, I keep updated, I am so surprised to see unauthorized access, especially above my root file. I am not saying it is related to your plugin, but I really thought I was secure so now I am just at a loss. Any thoughts or suggestions? Here is a link to my forum question about it, more info there: http://wordpress.org/support/topic/unknown-php-files-in-directory-above-root-folder?replies=6

    My other question for you: I am considering upgrading to BPS Pro. In the description you mention that WP Core Root files can be restored. Does this mean the wordpress installation files, or would all of my site’s unique content in the root be backed up and restored as well?

    Thank you for a great plugin and thanks in advance for any feedback you may have!

    • AITpro Admin says:

      I have looked at the code you have pasted at pastebin and this is coding to grab additional information about your website. In other words, this is definitely not legitimate code and is hackers coding.

      There are a few things BPS cannot protect against.
      1. Passwords being cracked: FTP, SSH, Control Panel and WordPress Login.
      2. Host Server itself has been hacked – not your individual website, but the Server that your website is on.
      3. Directory permissions that are set incorrectly – if you have set directory permissions to 777 by mistake then BPS cannot do anything to protect those directories because they are writable to everyone.
      4. And of course if your website was already hacked before installing BPS – hacked websites should be cleaned up or restored before installing BPS

      Since the hackers gained access to a Protected Server directory above your Root folder this means they have initially either cracked your SSH password, control panel password or they have hacked the Server itself. FTP access typically does not allow you to access protected server folders, but i have seen this being allowed on a couple of Web Hosts. A cracked WordPress login password would also not allow a hacker to access a protected. If they have uploaded a Shell script to your website then they can write to protected server directories from that Shell script’s admin panel.

      The current version of BPS Pro only has AutoRestore for the Root directory and only autorestores WordPress specific files. BPS Pro 5.1.8 will have AutoRestore for the Root directory, /wp-admin and /wp-includes folders. Additionally we will be adding a feature to allow you to select additional files that you would like monitored and autorestored. The /wp-content folder will have very limited AutoRestore capability in BPS Pro 5.1.8 and will have full /wp-content directory autorestore capability in BPS Pro 5.1.9.

      AutoRestore does not have the capability to autorestore to protected server directories and is only designed to autorestore files from the Root folder and below. You should not be able to write to protected server directories from within WordPress unless your Host has accidentally made a Server configuration mistake.
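A permission audit for the cases raised in this thread (directories left at 777, and .htaccess files at 644 versus 404), as an added example that is not part of BPS or of any reply here. The function names and the sample tree are constructed for illustration; an owner-writable .htaccess is reported as a note only, since some hosts in this thread require 644.

```python
import os
import stat
import tempfile


def audit_tree(root):
    """Return sorted (relative_path, octal_mode, reason) findings under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode says nothing about its target
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            octal = format(mode, "03o")
            if mode & stat.S_IWOTH:
                # 777 directories and 666 files: writable by every account on the server
                kind = "directory" if stat.S_ISDIR(st.st_mode) else "file"
                findings.append((rel, octal, f"world-writable {kind}"))
            elif (name == ".htaccess" and stat.S_ISREG(st.st_mode)
                  and mode & (stat.S_IWUSR | stat.S_IWGRP)):
                # 644 rather than 404: a note, because some hosts enforce 644
                findings.append((rel, octal, ".htaccess writable by owner or group"))
    return sorted(findings)


def build_sample_tree(root):
    """Create a small constructed WordPress-like tree with known modes."""
    layout = {
        ".htaccess": 0o644,
        "index.php": 0o644,
        "wp-admin/": 0o755,
        "wp-admin/.htaccess": 0o404,
        "wp-includes/": 0o705,
        "wp-content/": 0o755,
        "wp-content/cache.txt": 0o666,
        "wp-content/uploads/": 0o777,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if rel.endswith("/"):
            os.makedirs(path, exist_ok=True)
        else:
            with open(path, "w") as fh:
                fh.write("# constructed sample\n")
        os.chmod(path, mode)  # set explicitly so the umask does not matter


def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_tree(root)


if __name__ == "__main__":
    for rel, octal, reason in demo():
        print(f"{octal}  {rel}  ({reason})")
```

To audit a real site, call `audit_tree()` with the path of the website root folder from an account that can read it.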

      • amfm says:

        I just wanted to thank you so much for your feedback. This is the second time you have given me helpful support (previously diagnosing BlueHost’s crazy hotlink protection messing with htaccess.) I definitely plan to purchase BPS Pro once I get my current issues sorted.

        FYI, Regarding your suggestions I believe it was likely problem #1. I don’t know how (as I have super strong passwords, use SFTP, and have lots of other protection in place on my root) but I think a password must have been picked up over the web somehow. I thought it was likely #2, but hosting support disagrees. Go figure. #3 and #4 aren’t likely culprits in my situation.

        I guess my current plan is to nuke my account (to clear whatever else has been hacked above or below the root… I really don’t know enough to sleuth out what else has been messed with) and start again from a clean root backup.

        The restore features you have mentioned, especially for BPS Pro 5.1.9, sound fantastic. I will look forward to them. Thank you!

        • AITpro Admin says:

          The HotLink Protection tool is actually a cPanel tool (BlueHost just happens to use/offer that cPanel tool) that has been broken since 2008. It does not look like there are any plans to ever fix it since it has now been 6 years since it was documented as broken. 😉

          I always used to lean toward a new clean install over dehacking / cleaning up a website when i used to offer that service. There are 2 simple reasons to choose a new clean install. 1. It is much faster to do a clean install, reconfigure the site and restore content from backup, than searching/scanning and cleaning it up (scanners have to be told/programmed what to look for/to look for known signatures 😉 ). 2. You know the site will be 100% clean of hackers code and/or files so you will not have to worry about missing some hackers code and/or files anywhere on the site.

  25. Hans Järling says:

    Hi, awesome plugin, but I’m having some problems trying it out in my local development environment. Have installed and activated latest Bulletproof Security but it takes forever to get to settings page to do anything with it. Any idea what’s causing it?

    First I thought it was a plugin incompatibility but settings panel did show up, several minutes later though… Here is the setup:

    WordPress 3.3.2 installed locally on Mac OS 10.6.8 using Desktopserver (http://serverpress.com/products/desktopserver/). Have following plugs installed:
    ACTIVATED
    Contact Form 7 – Version 3.1.2
    Dynamic To Top – Version 3.1.9.1
    OptionTree – Version 1.1.8.1
    Ultimate Security Checker – Version 2.7.7
    WordPress SEO – Version 1.1.5
    WP Security Scan – Version 3.0.9

    BulletProof Security – Version .47.1

    DEACTIVATED
    Duplicator – Version 0.2.9
    Widget Data – Setting Import/Export Plugin – Version 0.4
    WP-Memory-Usage – Version 1.2.1

    • AITpro Admin says:

      Hmm not really sure about this because there is nothing in BPS that should cause a latency problem whether the site is Live or Local. I test on XAMPP locally, but have never tested on a Mac setup. What happens when you delete the .htaccess files and then try to go to the Settings page?

      • Hans Järling says:

        thanks for the quick reply 🙂

        I deleted the root .htaccess but no difference, plugin settings still takes forever to get to. Other plugs such as Yoast SEO loads without issues. Weird!

        • AITpro Admin says:

          The only other thing i can think of for testing on a Local install is using WP DEBUG in your wp-config.php file to see if the issue will display an error.

          define('ALTERNATE_WP_CRON', true);
          define('WP_DEBUG', true);
          define('WP_DEBUG_LOG', true);
          define('WP_DEBUG_DISPLAY', true);
          
          • Hans Järling says:

            ok

            – added that to wp-config -> no errors or debug.log showing up
            – tried deactivating all plugs except BPS -> still veeery slow but now parts of the left sidebar disappears when I try to go to BPS settings, now there are php errors:
            PHP Notice: Trying to get property of non-object in…
            …wp-admin/includes/template.php on line 1394
            …wp-admin/includes/template.php on line 1395
            …wp-includes/admin-bar.php on line 417
            …wp-includes/admin-bar.php on line 428

          • AITpro Admin says:

            Hmm ok well eliminate the Theme that you are using then too. Switch to the 2011 WordPress Theme. also delete the wp-admin .htaccess file too.
            Also it may just be some kind of issue with Desktopserver and BPS. Never tested that app so i don’t know if they play nice together.

          • Hans Järling says:

            tried all now. I’ll contact Desktopserver to see if they know something. Thanks for all advice 🙂

          • Hans Järling says:

            found one other user of DesktopServer that also had issues with BulletProof Security and also W3 Total Cache and WordPress Firewall 2.

            Thanks for all your help, looks like I basically can’t pre-install BPS when developing locally before migrating live. Will use BPS on live server though 🙂

            For now have to wait with the Pro version of BPS. Except that later, I need a login limiter also. Any you’d recommend? Anything else you recommend?

            Have a good day 🙂

          • AITpro Admin says:

            hmm sounds like Desktopserver has a couple of issues to iron out. 😉 It looks like a neat product that would be a nice time saver for folks who are not real tech savvy or just want everything automated right out of the box. I have manually configured my XAMPP setup to do all of the things Desktopserver is doing, but for folks who want an instant solution it sounds like a nice product.

            A lot of the login protection plugins have not been updated in a while or have been abandoned, but this newer one seems like a good one http://wordpress.org/extend/plugins/login-security-solution/

  26. liljack says:

    BPS 47.1 – Free
    linux – cgi – single site – php 5.2.14 – mysql client version 5.0.77

    I am trying to run wordpress from a subfolder and copy the .htaccess and index files so that the site address doesn’t have “/wordpress”. Currently when I do this the links break to my site. I can save the permalink settings but the links break again within a short period of time. is there a write up on how to handle this? If not I guess i will have to move the wordpress install into the root folder.

    I greatly appreciate your plugin. I installed it after a couple nasty hacks and have been incident free for a few months now. Any help you can give would be greatly appreciated.

    Regards

    • AITpro Admin says:

      Sounds like you are talking about a “Giving WordPress Its Own Directory” website set up. When you copy (download it to your computer) the .htaccess file that BPS creates in your /subfolder website then you want to remove the subfolder folder name from RewriteBase /subfolder/ and RewriteRule /subfolder/index.php from that .htaccess file and then upload it to the website root folder. The RewriteBase and RewriteRules should NOT have the subfolder name in them. Example: RewriteBase / and RewriteRule /index.php. See this WP Codex post on GWIOD websites for other information on what needs to be done for GWIOD WordPress websites – http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory

  27. MoonNodes says:

    What about the custom codes? They seem not to be included at all.
    Each time I’m doing something with Bulletproof, I need to update my .htaccess by hand because my installation requires a “SetEnv PHP_VER 5” in this file and Bulletproof removes it and the whole site goes down. Not very friendly!

    • AITpro Admin says:

      If you have added a PHP handler or other custom code to Custom Code then you need to save it first, then use the AutoMagic buttons to create new Master .htaccess files that will contain your custom code and then activate BulletProof Modes. For future upgrades your Custom Code is saved permanently so that if you ever use AutoMagic in the future your custom code is always included in your new Master .htaccess files, as long as you saved it. The Read Me help button on the Custom Code page explains this and everything else about how Custom Code works in greater detail.

  28. Alisa says:

    Hi, I’m happily using this plugin on several sites, so thank you for making it available. Does the security patch in .47.1 fix .47 only, or all previous versions as well, i.e. do previous versions have the same vulnerability?

    • AITpro Admin says:

      The patch is included in .47.1 coding Only so only .47.1 would have that coding in it. The vulnerability is not something that could be easily exploited – the conditions necessary to successfully exploit that coding were somewhere in the neighborhood of 100,000 to 1, but it is still something that needed to be corrected because it was a good coding practice that was missed. Super Globals should always have their HTML markup special characters converted to HTML entities and one $_SERVER Super Global was accidentally missed.

  29. Nane says:

    Hi –
    Updating from .46.9 to .47 (and .47.1) works fine with single wordpress installation in its own directory.

    But when I update a wordpress installation in a subdir from 46.9 to .47 (or to .47.1) and activate the BulletProof modes the single posts are not shown.
    The new update doesn’t work with http://www.xyc.com/blog/ i.e. with the wordpress installation in a subfolder.
    Going back to .46.9, everything works fine i.e. the single posts are shown.

    For example, in .htaccess with version .46.9 it says
    “ErrorDocument 404 /blog/404.php”
    In secure htaccess for/with .47.1 it says
    “ErrorDocument 404 /404.php”

    Do I have to put everywhere in the secure htaccess before activating it by hand “/blog/”? Or will there be a further update? Or do I do something wrong?

    Thank you for your help.
    Nane

    • AITpro Admin says:

      I just tested BPS .47.1 and everything still works perfectly for creating Master .htaccess files with AutoMagic for subdirectory sites so click the AutoMagic buttons then check the Edit/Upload/Download page, look at the secure.htaccess tab and confirm that your subdirectory folder name has been added. Then of course activate BulletProof Mode for your Root folder.

      • Nane says:

        Thank you for your quick answer and help.

        I knew that we men don’t read manuals (or maps) but try to figure it out by ourselves.
        Now I learned that we don’t read what’s on the screen either.

        > so click the AutoMagic buttons<

        That was my mistake. I just didn't create the file with AutoMagic.
        Thanks again for your help.

        For some weeks now I'm using the BulletProof Security plugin.
        At the moment the money is a little bit tight. But as soon as I can I will buy the Pro-Version (I get it right? I can use it for all my websites with one license?).

        Thanks again for the good work.

        • AITpro Admin says:

          LOL yeah i am guilty of that too. I click first and then check later if something does not work. ha ha ha. 😉
          Yep everyone is tight on money these days. 😉 And yep there is not a limitation on the number of websites you can install BPS Pro on as long as…

          The BulletProof Security Pro license does not have a limitation on the number of websites, website domains and website hosting accounts that you can install BulletProof Security Pro on, as long as these websites, website domains and website hosting accounts are either owned directly by you, supported directly by you or managed directly by you on an ongoing basis. Please read the BulletProof Security Pro Software License before purchasing BulletProof Security Pro.

  30. Mark Holtom says:

    I have BPS 47 (and previously 46) installed on my blog and it is excellent. Thank you.

    Having said this and FYI, BPS settings prevent my wordpress blog being seen
    on Linkedin.

    In Linkedin you have an option to show your latest posts on your profile
    page. After installing BPS this now returns ‘we can’t find a blog at this
    address’. Checking the logs shows that my website now returns a 403 when
    requested for the posts.

    --------
    72.233.127.211 - - [11/May/2012:12:01:34 +0100] "HEAD /blog HTTP/1.0" 301 - "-" "WordPress/3.4-beta4-20762; http://wordpress.com
    72.233.127.211 - - [11/May/2012:12:01:34 +0100] "HEAD /blog/ HTTP/1.0" 403 - "-" "WordPress/3.4-beta4-20762; http://wordpress.com
    --------

    Is this a fix that will make it into the next version?

    Cheers,

    Mark

    • AITpro Admin says:

      Most likely you just need to modify or comment out this filter in your Root .htaccess file. You can remove HEAD from the junk / spam bot filter.

      # REQUEST METHODS FILTERED
      # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
      # HEAD requests from bots that you want to allow in certain cases. This is not a security filter and is just
      # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
      # all bots to make a HEAD request then remove HEAD from the Request Method filter.
      # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
      RewriteEngine On
      RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
      RewriteRule ^(.*)$ - [F,L]
      
      modified filter
      RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
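
Before removing HEAD from the filter, it helps to see which 403s in the access log the request-method filter actually explains and which user agents the change would let through. The script below is an added example, not part of the original reply or of BPS; the two patterns are copied from the reply, and the sample log is constructed (its first two entries mirror the lines quoted in the comment).

```python
import re
from collections import Counter

# Method patterns copied from the two RewriteCond lines in the reply above.
ORIGINAL_FILTER = r"^(HEAD|TRACE|DELETE|TRACK|DEBUG)"
MODIFIED_FILTER = r"^(TRACE|DELETE|TRACK|DEBUG)"

# Constructed sample in Apache combined log format. The first two entries mirror
# the requests quoted in the comment; the remaining entries are invented.
SAMPLE_LOG = """\
72.233.127.211 - - [11/May/2012:12:01:34 +0100] "HEAD /blog HTTP/1.0" 301 - "-" "WordPress/3.4-beta4-20762; http://wordpress.com"
72.233.127.211 - - [11/May/2012:12:01:34 +0100] "HEAD /blog/ HTTP/1.0" 403 - "-" "WordPress/3.4-beta4-20762; http://wordpress.com"
192.0.2.10 - - [11/May/2012:12:02:10 +0100] "GET /blog/ HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0"
192.0.2.44 - - [11/May/2012:12:03:55 +0100] "TRACE / HTTP/1.1" 403 - "-" "ExampleScanner/0.1"
192.0.2.99 - - [11/May/2012:12:04:20 +0100] "HEAD /blog/ HTTP/1.1" 403 - "-" "ExampleBot/2.0"
192.0.2.77 - - [11/May/2012:12:05:30 +0100] "GET /wp-config.php HTTP/1.1" 403 - "-" "ExampleBrowser/1.0"
"""

# Combined log format. The closing quote of the user agent is optional because
# log lines pasted into forum posts are often cut off.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"?$'
)


def method_filter_matches(pattern, method):
    """Mimic RewriteCond %{REQUEST_METHOD} <pattern> [NC]: regex search, case-insensitive."""
    return re.search(pattern, method, re.IGNORECASE) is not None


def explain_403s(log_text):
    """Classify every 403 in the log against the original and the modified filter."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "403":
            continue
        before = method_filter_matches(ORIGINAL_FILTER, m["method"])
        after = method_filter_matches(MODIFIED_FILTER, m["method"])
        if after:
            verdict = "still blocked"          # TRACE, DELETE, TRACK, DEBUG stay filtered
        elif before:
            verdict = "allowed after change"   # only the HEAD removal affects this request
        else:
            verdict = "other rule"             # the 403 comes from a different filter
        rows.append({"ip": m["ip"], "method": m["method"], "path": m["path"],
                     "agent": m["agent"], "verdict": verdict})
    return rows


def agents_unblocked(rows):
    """Count, per user agent, the 403s that would stop once HEAD is removed."""
    return Counter(r["agent"] for r in rows if r["verdict"] == "allowed after change")


if __name__ == "__main__":
    rows = explain_403s(SAMPLE_LOG)
    for r in rows:
        print(f'{r["verdict"]:22} {r["method"]:6} {r["path"]:16} {r["agent"]}')
    print(dict(agents_unblocked(rows)))
```

The per-agent count shows the trade-off the filter comment describes: removing HEAD admits the wanted client and every other bot that sends HEAD requests.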
      
      
  31. Ed says:

    Hi, I am running the latest version of WordPress with the BPS plugin. I am able to create my default and secure .htaccess files, but when I check Bulletproof Mode and click activate I get the following error:

    Warning: chmod() [function.chmod]: Operation not permitted in /home/public_html/wp-content/plugins/bulletproof-security/admin/options.php on line 109

    Warning: copy(/home/public_html//.htaccess) [function.copy]: failed to open stream: Permission denied in /home/public_html/wp-content/plugins/bulletproof-security/admin/options.php on line 110
    Failed to Activate BulletProof Security Root Folder Protection! Your Website is NOT protected with BulletProof Security!

    I found another post where the absence of mod_ruid was causing this so I had my hosting company install mod_ruid, but am still getting this error.

    • AITpro Admin says:

      Most likely your Server is using mod_apache / DSO. You will have to manually download and upload the .htaccess files to their correct folders or change folder permissions for folders to allow writing because DSO uses file / folder ownership permissions unlike CGI.

  32. Huub says:

    Hi,

    I like your WP Plugin very much! Keep up the good work!

    I am using the free version of your plugin and I was wondering is there an option to hide the “wp-admin” folder? I do not want visitors to discover this when they are phishing for it.

    Thanks for your reply!

    • AITpro Admin says:

      BPS does not do any hiding security methods because they are not really effective. You can hide things from human visitors to your website, but you cannot hide from Bots. 90% – 99% of all hacking is done with automated Bots.

    • AITpro Admin says:

      Hiding the wp-admin folder does not add any more security to your website. 90%+ of all hacking is automated and done with automated hacking bots. You can hide from human visitors, but you cannot hide from bots.

      If you still want to do this then try doing Google searches using these keywords – “wordpress htaccess hide wp-admin”

  33. Shane says:

    I know not to use the default permalinks setting. I was pointing out that the problem is solved when that setting is used. If I use any of the ‘pretty permalinks’ options then I cannot access the sub directory while BPS is activated.

    They are 2 completely different wordpress installations. The only ‘link’ between the websites is the xxx.com has a page that links to xxx.com/yyy.

    The linking structure is what comes as ‘default’ with a wordpress installation – we don’t have any ‘fancy’ linking structure.

    When we installed BPS and activated it we cannot access the sub-directory xxx.com/yyy, whereas before activation we could.

    • AITpro Admin says:

      The information you have given me is too vague, so without really knowing anything about your site architecture and how the 2 websites relate to each other I can only make a logical guess that you have not also installed BPS on your sub directory website, used AutoMagic and activated all BulletProof Modes on that website. .htaccess files work like this.

      Root website folder
      /.htaccess – the rules in this htaccess file will be applied to this folder and all subfolders, unless they contain their own .htaccess file.

      A subfolder below the Root folder without an .htaccess file in it
      /subdirectoryA/ – this folder does not have an .htaccess file so the rules in the Root folder will be applied to this folder

      A subfolder below the Root folder with an .htaccess file in it
      /subdirectoryB/.htaccess – this folder has an .htaccess file so it will follow the rules in its own htaccess file and NOT the Root folder htaccess file.

      • Shane says:

        The two wordpress installations don’t relate to each other at all.

        The WP installation for the website is in the root directory. This one has a blog. We set up BPS here to see if it worked, and this is where the ‘public’ visit.

        The second WP installation is in a sub directory of the root directory. This one has no blog – WP is an easy way for people to update pages. Only committee members visit here, and we haven’t put BPS here yet, because we couldn’t get the root directory WP installation working with BPS and pretty permalinks.

        The root directory has its own htaccess file.
        The sub directory has its own htaccess file.

        What I think is happening, is if pretty permalinks are being used …. ‘BPS’ thinks the address http://www.xxx.com/yyy/ should be found in the root directory somewhere … when it can’t find it …. it gives a 404 error.

        With the default permalinks setting …. pages/posts in the root directory have the address http://www.xxx.com/?page_id=4 and when someone tries to access http://www.xxx.com/yyy/ it is a different form, so BPS ‘knows’ it is a sub directory.

        • AITpro Admin says:

          When you use AutoMagic the folder location is created from the settings you have saved in WordPress.
          If you have a Root website in the root of your Hosting account then in the BPS root .htaccess file you will see.
          RewriteBase /
          RewriteRule . /index.php [L]

          If you have another site in a subfolder called /subfolderSiteB then the htaccess file in the root of that site that is created by BPS AutoMagic will have this “base”.
          RewriteBase /subfolderSiteB/
          RewriteRule . /subfolderSiteB/index.php [L]

          If your RewriteBase and RewriteRule are not correct for each site then you will see 404 errors. So you just need to check that these are correct for each site.
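
The check described in the reply above can be scripted: derive the expected RewriteBase and catch-all target from each site's URL and compare them with what the .htaccess file contains. This is an added example, not BPS code; the example.com URLs and the two .htaccess bodies are constructed, and taking the folder from the site URL is an assumption about what "the settings you have saved in WordPress" refers to.

```python
from urllib.parse import urlparse

# Constructed .htaccess bodies, reduced to the rewrite section discussed above.
ROOT_HTACCESS = r"""
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
"""

SUBFOLDER_HTACCESS = r"""
RewriteEngine On
RewriteBase /subfolderSiteB/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /subfolderSiteB/index.php [L]
"""


def expected_rules(site_url):
    """Return (RewriteBase, catch-all target) for a site URL (assumed source of the folder)."""
    folder = urlparse(site_url).path.strip("/")
    base = "/" + folder + "/" if folder else "/"
    return base, base + "index.php"


def check_htaccess(htaccess_text, site_url):
    """Return a list of mismatches between the file and the site's folder; empty means OK."""
    want_base, want_target = expected_rules(site_url)
    bases, targets = [], []
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "rewritebase" and len(parts) >= 2:
            bases.append(parts[1])
        # The catch-all is the rule whose pattern is a single dot.
        elif directive == "rewriterule" and len(parts) >= 3 and parts[1] == ".":
            targets.append(parts[2])

    problems = []
    if not bases:
        problems.append("no RewriteBase found")
    for base in bases:
        if base != want_base:
            problems.append(f"RewriteBase is {base}, expected {want_base}")
    if not targets:
        problems.append("no catch-all RewriteRule found")
    for target in targets:
        if target != want_target:
            problems.append(
                f"catch-all RewriteRule targets {target}, expected {want_target}"
            )
    return problems


if __name__ == "__main__":
    # A root file copied unchanged into the subfolder site is the failing case.
    cases = [
        ("http://www.example.com", ROOT_HTACCESS),
        ("http://www.example.com/subfolderSiteB", SUBFOLDER_HTACCESS),
        ("http://www.example.com/subfolderSiteB", ROOT_HTACCESS),
    ]
    for url, text in cases:
        print(url, "->", check_htaccess(text, url) or "OK")
```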

  34. Shane says:

    Server API: cgi-fcgi – Your Host Server is using CGI.
    PHP Version: 5.3.3
    It is a standard WordPress installation
    The WordPress installation is in the root directory
    I have used AutoMagic to create my master .htaccess files
    I have activated all BulletProof modes
    I do this and then this error occurs.

    We have a sub-directory that we need to access on the web server that also has wordpress installed in it (BPS is not installed there)

    When the permalinks are set to default (thereby ‘turning off’ BPS) we can access that sub-directory. When the permalinks are set to something acceptable to BPS we cannot access that directory. We get a ‘page not found’ error.

    Interestingly, we can access another directory that has straight html in it (not a php file in sight!)

    Can you help with a solution?

    We have BPS turned off at the moment, because we need to access the subdirectory.

    • AITpro Admin says:

      Ok this is what I have been able to understand so far.

      /main-site – BPS is installed on this site – some kind of error occurs here
      /main-site/sub-directory-site – BPS is not installed on this site – no other details are known about this site

      What does this mean exactly? – “When the permalinks are set to default”

      You can access some other folders with HTML in them.

      I would need more specific information in order to assist you.

      The important questions are why would an .htaccess in another website be affecting the other website and why have you not installed BPS in the sub-directory site?

      • Shane says:

        Default permalinks option is
        Default http://xxx.com/?p=123

        You can access some other folders with HTML in them.
        With BPS activated, we can visit a sub directory that only has index.htm (for example in it)

        The important questions are why would an .htaccess in another website be affecting the other website and why have you not installed BPS in the sub-directory site?
        It isn’t another website – it is a sub-directory of the xxx.com website, for example
        xxx.com/yyy/
        Where the sub directory yyy has another installation of WordPress (but not BPS).

        • AITpro Admin says:

          You should always be using a custom permalink structure and not a generic WP default link structure, which I am sure you are already doing. The problem with your website or websites is a linking structure problem that is also affected by the .htaccess files because something is not correct about your website linking structures. The problem is not directly related to custom permalinks – this is a symptom of an incorrect linking structure for one or both of your websites.

          Each installation of WordPress is a separate website.
          If you have WordPress installed in xxx.com and WordPress installed in /yyy then these are 2 separate WordPress websites with 2 separate WordPress Databases, unless of course you have done some advanced Database configuration that is allowing both websites to use the same WordPress Database.

  35. Daniel says:

    Had a conflict with your plugin and another paid plugin (group-buying) plugin. When I use the htaccess file with this plugin and try to view admin pages, it gives me a 404 redirect. I went in and looked at my error logs and this is the error:

    [warn] RewriteCond: NoCase option for non-regex pattern ‘-f’ is not supported and will be ignored.

    Maybe you can enlighten me on how to fix this.

    Regards,

    Daniel

    • AITpro Admin says:

      The error message indicates that the [NC] flag is being used with -f. This is not valid htaccess coding as you cannot use the NC flag with -f like this -f [NC]. I do not understand the rest of your question. If you are using the .htaccess coding in this plugin instead of the BPS .htaccess coding then check with the group buying plugin folks about their .htaccess coding.

  36. Shawn Smith says:

    Hi, I remember a while back you recommended using a login security plugin. I had a question I was hoping you might be able to answer regarding this. I realize that this has nothing to do with BPS but you are the only security expert I know of that is good about responding on their forum; plus, maybe some other BPS users will have the same question.

    So here it is: I had Login Lock installed previously but it stopped working on my site. After searching, it seems that the general consensus is that this is a dead plugin now.

    So now I am looking at either “Limit Login Attempts” or “Login Security Solution”.

    I was wondering if you know about these 2 plugins and which you would recommend, if either.

    My main concern with Limit Login Attempts is that it has not been updated for a while and is not up to date with the latest versions of WordPress.

    My main concern with Login Security Solution is that it is a newer plugin.

    Any advice is much appreciated.

    Thanks!

  37. Matt says:

    My WordPress installation type is: standard wordpress single type

    WordPress 3.3.2, I’m using the latest Bullet Proof Plugin 46.9

    My Server is using CGI

    My WordPress site is installed in the root folder

    I have used AutoMagic to create my master .htaccess files

    I have activated all BulletProof modes

    I do this and then this error occurs only in Firefox browsers (win & osx): inline audio will not load or play. – I believe the error relates to this get command: http://www.mydomain.com/wp-content/themes/wpnocturnal/scripts/audiojs.swf?playerInstance=audiojs.instances%5B%27audiojs0%27%5D&datetime=1335871810232.5696

    I am using a wp audio theme called Nocturnal (http://themeforest.net/item/nocturnal-premier-audio-wp-theme-/621573) which plays mp3 audio files inline via audiojs.swf

    When I deactivate Bullet proof then the audio will load and play OK

    I’m guessing I need to make a change to a .htaccess file, but I am not familiar with editing this type of file, any help/advice would be greatly appreciated

    At the moment the site is under development (we’re about to go live) but if you need access to view the problem please let me know

    • AITpro Admin says:

      Yes the single quote ‘ or %27 in ASCII is explicitly blocked in the BPS security filters because it is a very dangerous character to allow in query strings. These characters should not be used and should be replaced with some other safe character, but since they are being used you can try to bypass / skip either your entire Theme folder or maybe you can just create a skip / bypass for this particular query string.

      Try this skip / bypass rule first – it is safer to use. This skip rule goes above skip rule 12 and if it works then you can add it to BPS Custom Code so that it will be permanent.

      # Nocturnal Theme audio file query string bypass / skip rule
      RewriteCond %{QUERY_STRING} playerInstance=(.*) [NC]
      RewriteRule . - [S=13]
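
The skip condition above is unanchored and not tied to the player's path, so it is worth checking which requests it applies to before making it permanent. The comparison below is an added example, not BPS code: it models the posted RewriteCond next to a hypothetical narrower pair of conditions built from the URL in the question. The sample requests are constructed, and the narrowed rule is an assumption that has not been tested against a BPS .htaccess file.

```python
import re

# CondPattern from the skip rule in the reply: unanchored, case-insensitive ([NC]).
PAGE_QUERY_CONDITION = r"playerInstance=(.*)"

# Hypothetical narrower conditions (assumption): the exact player path and the
# exact query-string shape from the URL in the question. %{QUERY_STRING} is
# matched in its raw, still-encoded form, so %5B and %27 appear literally.
NARROW_URI_CONDITION = r"^/wp-content/themes/wpnocturnal/scripts/audiojs\.swf$"
NARROW_QUERY_CONDITION = (
    r"^playerInstance=audiojs\.instances%5B%27audiojs\d+%27%5D&datetime=[\d.]+$"
)

PLAYER = "/wp-content/themes/wpnocturnal/scripts/audiojs.swf"
PLAYER_QUERY = ("playerInstance=audiojs.instances%5B%27audiojs0%27%5D"
                "&datetime=1335871810232.5696")

# Constructed requests as (REQUEST_URI, QUERY_STRING) pairs.
SAMPLE_REQUESTS = [
    (PLAYER, PLAYER_QUERY),                         # the theme's own request
    ("/index.php", "p=12&playerInstance=anything"),  # unrelated page, same parameter
    (PLAYER, PLAYER_QUERY + "&extra=1"),            # player path, extra parameter
    ("/index.php", "p=12"),                         # ordinary request
]


def cond(pattern, value):
    """Mimic one RewriteCond with [NC]: regex search, case-insensitive."""
    return re.search(pattern, value, re.IGNORECASE) is not None


def page_rule_skips(uri, query):
    """True when the posted rule would skip the following rules for this request."""
    return cond(PAGE_QUERY_CONDITION, query)


def narrowed_rule_skips(uri, query):
    """True when both hypothetical narrowed conditions match."""
    return cond(NARROW_URI_CONDITION, uri) and cond(NARROW_QUERY_CONDITION, query)


def narrowed_htaccess():
    """Render the narrowed conditions as directives; S=13 is kept from the reply."""
    return "\n".join([
        "RewriteCond %{REQUEST_URI} " + NARROW_URI_CONDITION + " [NC]",
        "RewriteCond %{QUERY_STRING} " + NARROW_QUERY_CONDITION + " [NC]",
        "RewriteRule . - [S=13]",
    ])


def compare(requests):
    """Return (uri, query, posted_rule_skips, narrowed_rule_skips) per request."""
    return [(u, q, page_rule_skips(u, q), narrowed_rule_skips(u, q))
            for u, q in requests]


if __name__ == "__main__":
    for uri, query, posted, narrowed in compare(SAMPLE_REQUESTS):
        print(f"posted={posted!s:5} narrowed={narrowed!s:5} {uri}?{query}")
    print(narrowed_htaccess())
```

Extra RewriteCond lines do not change the skip count, because S=N counts the RewriteRule directives that follow.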
      
      • Matt says:

        Many thanks for the very fast reply! 🙂
        I’ll give this a go
        Thanks again
        Matt

        • Matt says:

          Thanks again, that worked a treat.
          I will contact the theme author and bring this to their attention.
          Kind regards
          Matt

  38. Don Bledsoe says:

    My WordPress installation type is: standard wordpress single in /wp/
    My Server is using CGI
    My WordPress installation / site is installed in A subfolder
    I have used AutoMagic to create my master .htaccess files — successfully
    I have activated all BulletProof modes — Yes
    I do this and then this error occurs:

    No matter what menu I click on, ONLY the WP home page is displayed,

    Also, I prefer to manually upload files/images rather than go through the process of uploading via the admin. They are located in 3 sub-folders:

    /wp/d PDFs for download
    /wp/o PHP read-only script
    /wp/n images displayed on pages called via tag

    I cannot figure out how to allow access to these folders.

    • AITpro Admin says:

      I took a look at your website. Are you sure this is a BPS issue? It looks like a configuration problem. The problem is definitely a link structure problem.
      Are you using any custom .htaccess code already?
      All of your menu links are being rewritten to your home page. Are your menu links Categories or Pages?
      Are you using a custom permalink structure?
      Is the custom permalink structure coding, tags, etc correct?
      This does not appear to be a BPS issue, but if your .htaccess files do not have the correct RewriteRules and RewriteBase this type of problem could occur.
      To eliminate that this is an .htaccess problem delete the .htaccess file in your website root folder /wp.

      • Don Bledsoe says:

        If I deactivate BPS, all pages are 404 except for the root page.

        If I activate BPS, but leave it in test mode, everything works perfectly.

        So, I checked the WP general settings and confirmed that the root of the WP installation is http://domain.com/wp, as it should be.

        The customer Permalink is: /%year%/%postname%/
        However, only the pagename is shown in the url … no year. I don’t know how to fix that.

        I have activated BPS and it appears to be working, although it didn’t before, so I’m watching everything closely.

        • AITpro Admin says:

          What exactly do you mean by “deactivate BPS”?
          What is “test mode”?
          Permalinks ONLY affect Posts not Pages. Your menus are Page links.

          Most likely all BulletProof Modes were not activated. You can quickly check your security status and if everything is ok by checking the Security Status tab page.

          • Don Bledsoe says:

            As you can probably tell, I’m not an expert at this. Security Status:

            The .htaccess file that is activated in your root folder is:
            BULLETPROOF .46.9 >>>>>>> SECURE .HTACCESS

            √ wp-config.php is .htaccess protected by BPS
            √ php.ini and php5.ini are .htaccess protected by BPS

            √ Deny All protection activated for BPS Master /htaccess folder
            √ Deny All protection activated for /wp-content/bps-backup folder

            The .htaccess file that is activated in your wp-admin folder is:
            BULLETPROOF .46.9 WP-ADMIN SECURE .HTACCESS

            Everything is green, so it appears to be good in spite of me. =8-)

          • AITpro Admin says:

            Yep all green = all good. BPS takes a little getting used to, but you will find that it is actually very simple to use after you have played around with it a bit.

            I noticed that you are using Piwik for stats and this may be automatically done from within your Host Control panel or by your Host so BPS would not block that, but if you are noticing that BPS is blocking Piwik stats then refer to this fix for that issue – http://www.ait-pro.com/aitpro-blog/2252/bulletproof-security-plugin-support/checking-plugin-compatibility-with-bps-plugin-testing-to-do-list/#Custom-PHP-Applications-Outside-WordPress

  39. WordPress 3.3.2. – I seem to be having problems with the new version of WordPress. When I attempt to Backup the files it just gives me a page not found. This is on a fresh install of BP.

    • AITpro Admin says:

      There are not any conflicts with WP 3.3.2 and BPS. What files are you attempting to backup? And how are you doing the backup? Please be very specific. Thanks.

  40. steve grace says:

    I can’t upload (via FTP – using Filezilla) to wp-content/uploads anymore after activating BPS. I can however upload to root.

    My details are as follows:

    Website Root Folder: http://amsdv.com
    MySQL Database Version: 5.1.61
    WordPress Installation Type : Root Folder Installation
    WP Permalink Structure : /%postname%/
    Permalinks Enabled: √ Permalinks are Enabled
    PHP Version Check: √ Running PHP5
    Document Root Path: /opt/bitnami/apps/wordpress/htdocs
    WP ABSPATH: /opt/bitnami/apps/wordpress/htdocs/
    Parent Directory: /opt/bitnami/apps/wordpress
    Server / Website IP Address: 10.253.221.244
    Host by Address: domU-12-31-38-01-DA-0A.compute-1.internal
    DNS Name Server: ns-552.awsdns-05.net
    Public IP / Your Computer IP Address: 208.104.125.135
    Server Type: Apache/2.2.15 (Red Hat)
    Operating System: Linux
    Server API: apache2handler – Your Host Server is using DSO or another SAPI type.
    Multisite: Multisite is not enabled
    Browser Compression Supported: gzip,deflate,sdch

  41. Neil says:

    Would like to invest in a security plugin but we are using nginx not apache. Would BulletProof Security work for us?

    • AITpro Admin says:

      nginx uses a similar mod_rewrite equivalent, but the coding language is different than standard .htaccess coding. So no at this time BPS Pro is not compatible with nginx. Thanks.

  42. Jeremy Loome says:

    Sorry ed, my fault: I hadn’t updated my .hta master after the recent upgrade.
    Cheers,
    Jeremy

  43. Jeremy Loome says:

    My WordPress installation type is: the latest, 3.3.1, I think

    My WordPress installation / site is installed here http://www.gigcity.ca
    I have used AutoMagic to create my master .htaccess files
    I have activated all BulletProof modes

    Hi Edward,
    My categories and tags disappear unless I turn the plugin off. This started this morning.

    I’m using Magazine Premium as a theme. Is this a potential new wordpress conflict, as it seems to match up with a common plugin-conflict-derived issue that’s raised on the WordPress FAQ?

    We’re uncapitalized, so we really do appreciate your wonderful plugin being free. But we obviously can’t stay down for long, so I can’t afford to leave it running for long.

    • AITpro Admin says:

      I would need more specific information and details to be able to troubleshoot this. Are you using a plugin to control your categories and tags or is your Theme controlling the WP native categories and tags functions? BPS does not affect the Native WP categories and tags in any way. I just looked at your source code and I see that you have a category called “category” in your URLs, but the links are not valid and they go to nowhere.

  44. Paul Smith says:

    A couple of questions:
    1 Do I have to use maintenance mode? Or can I just work on the website adding posts etc without using it?
    2. If I do use it – how do I switch back : the help info says to switch back ‘ just activate bulletproof security mode’ Does this mean clicking on the ‘security modes’ tab and then for each of the activate security modes I have to select the ‘bullet proof mode’ bullet and activate
    i.e.
    ‘Activate Website Root Folder .htaccess Security Mode’ and then click activate,
    ‘Activate Website wp-admin Folder .htaccess Security Mode’ and then click ‘activate
    ‘Activate Deny All htaccess Folder Protection For The BPS Master htaccess Folder’ and then click activate
    ‘Activate Deny All htaccess Folder Protection For The BPS Backup Folder’ and then click activate

    • AITpro Admin says:

      1. Nope you don’t have to use Maintenance Mode if you do not want to use it.
      2. An even faster method to switch in and out of Maintenance Mode is to make a backup of your .htaccess files and then when you want to get out of Maintenance Mode just do a Restore.
      If you did not use the backup and restore method then the only thing you would need to do is Activate BulletProof Mode for your Root folder and this will take you out of Maintenance Mode.

  45. Ian Dunn says:

    WordPress MultiSite 3.3.1, with sites as sub-directories
    PHP 5.3.10 running under cgi-fcgi
    Apache 2.2.21
    CentOS 5.8
    PHP display_errors directive: On
    WP_DEBUG constant: true

    I’m getting the following notices when I browse to the BPS options page. It happens both before and after I’ve configured the plugin.

    Notice: Undefined variable: bpsCCTop in /var/www/vhosts/[redacted]/httpdocs/wp-content/plugins/bulletproof-security/admin/options.php on line 518
    Notice: Undefined offset: 0 in /var/www/vhosts/[redacted]/httpdocs/wp-content/plugins/bulletproof-security/admin/options.php on line 952
    Notice: Undefined offset: 0 in /var/www/vhosts/[redacted]/httpdocs/wp-content/plugins/bulletproof-security/admin/options.php on line 961

    It sounds like you need to use functions like isset() to check if variables and array indexes exist before trying to use them.

  46. Paul Smith says:

    In addition to creating the htaccess default file and htaccess secure file with AutoMagic I have also clicked on the same create buttons under ‘For Network / MU Sub-directory Websites Only’. Is this reversible? What can I do to get back on track?

    • AITpro Admin says:

      When you click the AutoMagic buttons they create Master .htaccess files. If you use the AutoMagic buttons again it will overwrite these Master .htaccess files and create brand new Master .htaccess files. If you have not activated BulletProof Modes then just create new Master .htaccess files and activate all BulletProof Modes. If you have already activated BulletProof Modes and you cannot access your WP Dashboard you would just delete the .htaccess file in the root of your website, log back in and create new files with AutoMagic and activate all BulletProof Modes. If you are able to still access your WP Dashboard then just create new files with AutoMagic and activate all BulletProof Modes.

  47. Hi,
    something got messed up with my setup. If I call “BPS Security” in the “Settings” section, I just get 2 lines of text in the upper part of the screen and the rest remains empty.

    1. Line: “Why Upgrade to BulletProof Security Pro?”
    2. Line: “BulletProof Security – htaccess Core”
    3. Line: a horizontal divider

    I deleted the plugin and reinstalled it – no change. Any hints what goes wrong?
    Thanks!
    Peter

    • OK, switching to PHP 5.3.6 cured the problem. 🙂

      • AITpro Admin says:

        Hmm this is something new. In previous versions of BPS, BPS would load completely and a person would see an error message stating that BPS requires PHP5. I will look at the coding to see why this is now happening in BPS .46.9. Thank you for figuring this out.

  48. Doug B says:

    I have the latest BPS free edition .46.9 with a standard self-hosted WordPress install and tonight my site was attacked with the Pharma malware. BPS didn’t stop the injection into the database.

    I caught it because I also use the WordPress File Monitor Plus and it alerted me when the malware changed a file and dropped in a bogus one.

    I cleaned everything up but wanted to let you know it happened and I still have the infected files (I downloaded them before deleting them on the server) in case you might want them

    This is what I got when I scanned my site:

    Security warning in the URL (for Google’s UA):
    http://www.reviewgeek.net/category/movies
    Known Spam detected.
    Details: http://sucuri.net/malware/entry/MW:SPAM:SEO

    • AITpro Admin says:

      The BPS security filters are designed to stop this so either BPS was not set up correctly or you have a plugin that allowed the exploit due to bad coding or your Host Server was hacked and your FTP password was cracked or your WP login password was cracked. So be sure to find the point of entry and notify your Web Host, otherwise the hack will be successful again.

  49. Shawn says:

    Hey there, just a quick question.

    I came across a security service called 6scan. They seem to be in the prevention business like BPS is, and are the closest thing I think I have seen to a direct competitor. They say specifically that their service will not interfere with BPS but can be added as an additional level of security.

    I was just wondering what you may have heard about this service, pros and cons, if any.

    There doesn’t seem to be much on the net in the way of reviews or customer testimonials. I know you seem to have your finger on the pulse of the latest security issues and such so I thought you might have some insight.

    Thanks!

      • Shawn says:

        Hi, thank you for the prompt response. I had already installed the 6scan plugin just as a free version to see what they say my security vulnerabilities are. I didn’t think that would conflict with anything.

        I did not backup the new .htaccess file with the 6scan code in it, so when I reactivated BPS I think it reloaded the good one since there is no 6scan code or spaces.

        I have already deactivated 6scan. Can I just delete 6scan now with no further action for BPS to be functioning properly (I don’t notice any issues right now).

        Also, I am thinking of upgrading to your pro plugin. I went through the comparison page and saw that it does a ton of things that I don’t understand in the slightest.

        It took me a while to get my head around what all the tabs do on the free version and how to operate it. Is the pro version going to murder me, or is it easy to configure?

        Thanks!

        • AITpro Admin says:

          I think in general 6scan is a good plugin, but I have not really looked at the coding in depth. I believe BPS and 6scan will work fine together, but be aware that when you activate 6scan it will add 2 blank spaces at the beginning of the root .htaccess file. By activating BulletProof Mode again for your Root folder a new Root .htaccess file will be created, which will fix the problem 6scan created on activating that plugin.

          The first time installation of BPS Pro seems intimidating, but it really is no big deal and yes there is quite a lot going on in BPS Pro. We have designed BPS Pro so that a regular person who knows absolutely nothing about website security, .htaccess files, php.ini files and all the other features in BPS Pro can easily do what is needed by clicking Click Here links. BPS Pro will tell you what needs to be done and where to click. Everything is a click setup and does not require that you have any coding knowledge, experience or have to do any manual configurations. In other words a regular person gets the full benefit of a professionally secured website just by clicking until there is nothing left to click. After a first time installation is completed, all future upgrades do not require having to set things up ever again. You just simply install the latest available upgrade version of BPS Pro. Thanks.

  50. Randy Booth says:

    Hello,
    When I go to upgrade to the latest version of WordPress via the dashboard, my system completely crashed and WP Bulletproof was mentioned in the error message (sorry I do not have a copy). Luckily, I had a backup. I am afraid to upgrade WP again.

    Any ideas?
    Thank you,
    Randy
    rbooth[at]ptd.net

    • Randy Booth says:

      Perhaps it's because my PHP Max Upload Size: 2M..
      I cannot find the php.ini file to change this…
      Help plz…

      PHP Server / PHP.ini Info
      PHP Version: 5.2.17

      PHP Memory Usage: 32.83 MB
      PHP Memory Limit: 256M
      PHP Max Upload Size: 2M
      PHP Max Post Size: 8M

      • AITpro Admin says:

        Your Max Upload size would not have anything to do with a WordPress upgrade failing. Memory limit would, but you have more than enough memory allocated. If you have BPS Pro installed then I will be glad to assist you with your php.ini file. If this is for BPS free then check with your Web Host regarding php.ini files. Thanks.

        • chriscarr says:

          hello not sure how to post on here so…I downloaded the plugin and love it but I am getting a distorted backend of the plugin..what I mean is the top menu buttons are on the side and not displaying properly any suggestions

          • AITpro Admin says:

            The most common cause for this is another plugin is using jQuery UI and that plugin is not containing its scripts to its own plugin pages – that plugin is loading its scripts throughout WordPress and also in the BPS plugin area, which breaks the BPS jQuery UI script. Try deactivating other plugins that are using jQuery UI to find out which one it is and let me know which one it is so that I can inform the plugin author and provide you with a temporary workaround fix.

            Other things that can cause this – your version of PHP is PHP4 not PHP5.
            You are using an incorrect php.ini or php handler.
            What is your SAPI type? You will find this under System Info.

    • AITpro Admin says:

      BPS does not interfere with upgrading WordPress and WordPress does not have any error messages that mention BulletProof Security. You must have seen a BPS error in addition to the WordPress upgrade failing. If you want to eliminate the possibility that BPS is interfering with upgrading WordPress:
      1. Go to Backup & Restore and backup your BPS .htaccess files.
      2. Go to Security Modes
      3. Activate Default Mode for your Root folder.
      4. Delete the wp-admin .htaccess file in Security Modes
      5. Your website is now in a default WordPress state without BPS being a factor.
      6. Upgrade WordPress.
      7. Go to Backup & Restore and restore your BPS .htaccess files.

